What is the correct way to check file-uploads?

We are currently developing an antivirus app where we also want to scan the file-uploads directly (best case would be to scan them before they are available in the nextcloud instance).

We already found the files_antivirus and the Ransomware protection apps. When I understand the code correctly, both use a preSetup Hook on OC_Filesystem for that.

When I search for Nextcloud hooks on google or for hooks on the documentation directly, I get to this page:

The first thing we see there is the following quote:

Deprecated since version 18: Use the OCP event dispatcher instead.

And we find no documentation about the OC_Filesystem hooks themselfs (which would be ok, because we can look into the code for that).

The question is: Is this hook still the way to do this kind of scanning or is there a better way. And also important, if we use the connectHook to hook OC_Filesystem, will that hook be available in the future?

I think it’s the client’s job to find viruses and not the cloud’s job. Especially when there are practically only Windows viruses and many people use Android, iOS, Linux or macOS as Nextcloud clients :wink: But of course this is often required in terms of compliance and Microsoft 365 also offers this. Incidentally, in my opinion, the risk of viruses has diminished because operating systems such as Windows 10/11 are updated much more frequently nowadays and are therefore less susceptible. Perhaps you should reassess the risk.

The app ansomware protectionn is only supported until Nextcloud 25.

There is also the antivirus app. Have you had a look at that if it solved your problem eventually or you can at least have a look at their implementation.

Yeah, we already looked at that too. It uses the same mechanism as the ransomware protection.